VulnerableCode Package Details - pkg:composer/symfony/error-handler@5.0.3

Search for packages

Vulnerability	Summary	Fixed by
VCID-ugce-e42m-1fgj Aliases: CVE-2020-5274 GHSA-m884-279h-32v2	Exceptions displayed in non-debug configurations in Symfony Description ----------- When `ErrorHandler` renders an exception HTML page, it uses un-escaped properties from the related Exception class to render the stacktrace. The security issue comes from the fact that the stacktraces were also displayed in non-`debug` environments. Resolution ---------- The `ErrorHandler` class now escapes all properties coming from the related Exception, and the stacktrace is not displayed anymore in non-`debug` environments. The patches for this issue are available [here](https://github.com/symfony/symfony/commit/cf80224589ac05402d4f72f5ddf80900ec94d5ad) and [here](https://github.com/symfony/symfony/commit/629d21b800a15dc649fb0ae9ed7cd9211e7e45db) for branch 4.4. Credits ------- I would like to thank Luka Sikic for reporting & Yonel Ceruto and Jérémy Derussé for fixing the issue.	5.0.4 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-ugce-e42m-1fgj
Aliases:
CVE-2020-5274
GHSA-m884-279h-32v2

Exceptions displayed in non-debug configurations in Symfony Description ----------- When `ErrorHandler` renders an exception HTML page, it uses un-escaped properties from the related Exception class to render the stacktrace. The security issue comes from the fact that the stacktraces were also displayed in non-`debug` environments. Resolution ---------- The `ErrorHandler` class now escapes all properties coming from the related Exception, and the stacktrace is not displayed anymore in non-`debug` environments. The patches for this issue are available [here](https://github.com/symfony/symfony/commit/cf80224589ac05402d4f72f5ddf80900ec94d5ad) and [here](https://github.com/symfony/symfony/commit/629d21b800a15dc649fb0ae9ed7cd9211e7e45db) for branch 4.4. Credits ------- I would like to thank Luka Sikic for reporting & Yonel Ceruto and Jérémy Derussé for fixing the issue.

5.0.4
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:02:10.884000+00:00	GitLab Importer	Affected by	VCID-ugce-e42m-1fgj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/error-handler/CVE-2020-5274.yml	38.4.0
2026-04-11T22:13:30.654348+00:00	GitLab Importer	Affected by	VCID-ugce-e42m-1fgj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/error-handler/CVE-2020-5274.yml	38.3.0
2026-04-02T22:25:51.530320+00:00	GitLab Importer	Affected by	VCID-ugce-e42m-1fgj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/error-handler/CVE-2020-5274.yml	38.1.0
2026-04-01T16:43:48.426335+00:00	GitLab Importer	Affected by	VCID-ugce-e42m-1fgj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/error-handler/CVE-2020-5274.yml	38.0.0